Medical identity theft on the rise

A new study from the Ponemon Institute, sponsored by Experian, finds that almost 1.5 million Americans are victims of medical identity theft – an increase from last year. While consumers grasp the importance of protecting their medical and personal information, it reports, few take the precautions to avoid medical ID theft.

The study also found that the average cost to resolve a case of medical identity theft stands at $20,663 – up from $20,160 in 2010.

Recognizing the importance of privacy does not equate to action. Despite consumers wanting data privacy – and strong statistical evidence of data vulnerability – people are not taking action to protect their valuable health information. Nearly 70 percent of respondents felt it was important to have control over their medical records, and 80 percent felt that healthcare organizations should ensure the privacy of these records. But those beliefs do not translate to action: 49 percent of victims took no new steps to protect themselves after a crime.

Consumer indifference is fueled by lack of understanding of repercussions. Half of former victims chose not to report the incident to law enforcement at all, up from 46 percent in the 2010 study. The chief reason for this was the lack of resulting harm and the desire to not "make it a big deal" (43 percent). In fact, more victims fear embarrassment (37 percent) than the loss of medical coverage (21 percent) or a diminished credit score (18 percent) as a potential result of medical identity theft.

Medical data breach notification fails to protect the consumer. The risk of medical identity theft lies beyond consumer control, as health care organization data breach accounts for a significant portion of reported incidents. When a breach occurs, the organization normally is required to inform the affected people, depending on state law notification requirements. But just 5 percent of victims learned of their theft from a data breach notification – a troubling fact, considering that data breach accounted for 14 percent of all theft instances. This includes breaches involving health care providers, insurers or other related organizations.

Consumers are uninformed of new health care reform policies. The majority of survey respondents (55 percent) are not familiar with or have no knowledge of the new policies. And more than three quarters, 79 percent, are not aware of the creation of a national electronic database of Americans' health information. Meanwhile, 33 percent believe that a national electronic database will increase the risk of medical identity theft.

Medical identity theft is a family affair. Remarkably, the study showed the rate at which medical identity theft occurs between family members. Theft of this nature accounted for 36 percent of all victim responses, making it the most common type of theft. The frequency of family-related medical identity theft contributed to the most commonly stated reason (51 percent) why victims elected not to report a given incident: the victim discovered that he or she knew the thief and did not want to report him or her.

"The results of this study shed a troubling light on not only the pervasiveness and consumer perceptions of medical identity theft, but also the dangers of data breach," said Jennifer Leuer, general manager of Experian's ProtectMyID.

"Our study shows that the risk and high cost of medical identity theft are not resonating with the public, revealing a serious need for greater education and awareness," said Larry Ponemon, chairman and founder of the Ponemon Institute. "We also feel these results put an even greater onus on healthcare organizations to make the security of sensitive personal health information a priority in order to protect patient privacy."